{"id":2950,"date":"2024-04-05T12:14:36","date_gmt":"2024-04-05T17:14:36","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/magecart-attackers-pioneer-persistent-ecommerce-backdoor"},"modified":"2024-04-05T12:14:36","modified_gmt":"2024-04-05T17:14:36","slug":"magecart-attackers-pioneer-persistent-e-commerce-backdoor","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/05\/magecart-attackers-pioneer-persistent-e-commerce-backdoor\/","title":{"rendered":"Magecart Attackers Pioneer Persistent E-Commerce Backdoor"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Magecart attackers have a new trick: Stashing persistent backdoors within e-commerce websites that are capable of pushing malware automatically.<\/span><\/p>\n

According to <\/span>researchers at Sansec<\/a><\/span>, the threat actors are exploiting a critical command injection vulnerability in the Adobe Magento e-commerce platform (CVE-2024-20720, CVSS score of 9.1), which allows arbitrary code execution without user interaction.<\/span><\/p>\n

The executed code is a “cleverly crafted layout template” in the layout_update database table, which contains XML shell code that automatically injects malware into compromised sites via the controller for the Magento content management system (CMS).<\/span><\/p>\n

“Attackers combine the Magento layout parser with the beberlei\/assert package (installed by default) to execute system commands,” Sansec said in an alert. “Because the layout block is tied to the checkout cart, this command is executed whenever <store>\/checkout\/cart is requested.”<\/span><\/p>\n

Sansec observed Magecart (a long-running umbrella organization for cybercrime groups that <\/span>skim payment card data from e-commerce sites<\/a><\/span>) using this technique to inject a Stripe payment skimmer, which captures and exfiltrates payment data to an attacker-controlled site.<\/span><\/p>\n

Adobe resolved the security bug in February in both Adobe Commerce and Magento, so e-tailers should upgrade their versions to 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7 to be protected from the threat.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Magecart attackers have a new trick: Stashing persistent backdoors within<\/p>\n","protected":false},"author":12,"featured_media":2951,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2950","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=1200%2C800&ssl=1",1200,800,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=300%2C200&ssl=1",300,200,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=640%2C427&ssl=1",640,427,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=640%2C427&ssl=1",640,427,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=1200%2C800&ssl=1",1200,800,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=1200%2C800&ssl=1",1200,800,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=1024%2C683&ssl=1",1024,683,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/magecart-attackers-pioneer-persistent-e-commerce-backdoor.jpg?fit=1200%2C800&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2950"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2950\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2951"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}